Known Vulnerabilities for products from Zyxel
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Zyxel".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs; each product links to its respective vulnerability page.
Additional device specifications by Zyxel can be found at device.report: Zyxel
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0556 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 7.8 - HIGH | 2022-04-11 | 2023-06-26 |
| CVE-2022-0342 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-28 | 2022-04-04 |
| CVE-2021-35036 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 6.5 - MEDIUM | 2022-03-01 | 2022-09-30 |
| CVE-2021-35035 | A cleartext storage of sensitive information vulnerability in the Zyxel NBG6604 firmware could allow a remote, authenticated ... | 6.5 - MEDIUM | 2021-12-29 | 2022-01-07 |
| CVE-2021-35034 | An insufficient session expiration vulnerability in the CGI program of the Zyxel NBG6604 firmware could allow a remote attack... | 9.1 - CRITICAL | 2021-12-29 | 2022-01-07 |
| CVE-2021-35033 | A vulnerability in specific versions of Zyxel NBG6818, NBG7815, WSQ20, WSQ50, WSQ60, and WSR30 firmware with pre-configured p... | 7.8 - HIGH | 2021-11-23 | 2022-10-27 |
| CVE-2021-35032 | A vulnerability in the 'libsal.so' of the Zyxel GS1900 series firmware version 2.60 could allow an authenticated local user t... | 7.8 - HIGH | 2021-12-28 | 2022-01-07 |
| CVE-2021-35031 | A vulnerability in the TFTP client of Zyxel GS1900 series firmware, XGS1210 series firmware, and XGS1250 series firmware, whi... | 8 - HIGH | 2021-12-28 | 2022-01-07 |
| CVE-2021-35030 | A vulnerability was found in the CGI program in Zyxel GS1900-8 firmware version V2.60, that did not properly sterilize packet... | 4.3 - MEDIUM | 2021-07-26 | 2021-08-13 |
| CVE-2021-35029 | An authentication bypass vulnerability in the web-based management interface of Zyxel USG/Zywall series firmware versions 4.... | 9.8 - CRITICAL | 2021-07-02 | 2021-07-08 |
| CVE-2021-35028 | A command injection vulnerability in the CGI program of the Zyxel VPN2S firmware version 1.12 could allow an authenticated, l... | 7.8 - HIGH | 2021-09-29 | 2021-10-02 |
| CVE-2021-35027 | A directory traversal vulnerability in the web server of the Zyxel VPN2S firmware version 1.12 could allow a remote attacker ... | 7.5 - HIGH | 2021-09-29 | 2021-10-02 |
| CVE-2021-4039 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 9.8 - CRITICAL | 2022-03-01 | 2022-04-28 |
| CVE-2021-4030 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-02-24 | 2022-03-02 |
| CVE-2021-4029 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-02-24 | 2022-03-02 |
| CVE-2021-3297 | On Zyxel NBG2105 V1.00(AAGU.2)C0 devices, setting the login cookie to 1 provides administrator access. | 7.8 - HIGH | 2021-01-26 | 2021-02-03 |
| CVE-2020-29583 | Firmware version 4.60 of Zyxel USG devices contains an undocumented account (zyfwp) with an unchangeable password. The passwo... | 9.8 - CRITICAL | 2020-12-22 | 2023-11-07 |
| CVE-2020-29299 | Certain Zyxel products allow command injection by an admin via an input string to chg_exp_pwd during a password-change action... | 7.2 - HIGH | 2020-12-27 | 2021-01-05 |
| CVE-2020-28899 | The Web CGI Script on ZyXEL LTE4506-M606 V1.00(ABDO.2)C0 devices does not require authentication, which allows remote unauthe... | 9.1 - CRITICAL | 2021-03-16 | 2021-03-22 |
| CVE-2020-25014 | A stack-based buffer overflow in fbwifi_continue.cgi on Zyxel UTM and VPN series of gateways running firmware version V4.30 t... | 9.8 - CRITICAL | 2020-11-27 | 2020-12-10 |
Known software with vulnerabilities from Zyxel
| Type | Vendor | Product | Version |
|---|---|---|---|
| Operating System | Zyxel | 2.00abbx.3 | - |
| Operating System | Zyxel | Access Points Firmware | - |
| Hardware | Zyxel | Atp200 | - |
| Operating System | Zyxel | Atp200 Firmware | 4.31 |
| Hardware | Zyxel | Atp500 | - |
| Operating System | Zyxel | Atp500 Firmware | 4.31 |
| Hardware | Zyxel | Atp800 | - |
| Operating System | Zyxel | Atp800 Firmware | 4.31 |
| Application | Zyxel | Cloud Cnm Secumanager | 3.1.0 |
| Application | Zyxel | Cloudcnm Secumanager | 3.1.0 |
| Hardware | Zyxel | Gs1900-10hp | - |
| Operating System | Zyxel | Gs1900-10hp Firmware | - |
| Hardware | Zyxel | Gs1900-16 | - |
| Operating System | Zyxel | Gs1900-16 Firmware | - |
| Operating System | Zyxel | Gs1900-24 Firmware | - |
| Hardware | Zyxel | Gs1900-24e | - |
| Operating System | Zyxel | Gs1900-24e Firmware | - |
| Hardware | Zyxel | Gs1900-24hp | - |
| Operating System | Zyxel | Gs1900-24hp Firmware | - |
| Hardware | Zyxel | Gs1900-48 | - |